Now That Vodafone Has Come Out With A Real Transparency Report, Will US Telcos Follow Suit?

from the of-course-not dept

On Friday, we reported the surprising fact that Vodafone had not just followed the latest trend in issuing a transparency report, but actually flat out admitted that many governments had direct access to its phone lines, which allowed those governments to listen in on calls without a warrant. That level of transparency is great, because all too often with the "transparency" reports we've seen from some companies, they seem more focused on hiding what's really going on. Too frequently, this is because of requirements from the government, which has (almost certainly illegal and unconstitutional) gag orders on what companies are allowed to say about requests for government information. However, it's almost certainly also because companies are now afraid of admitting the kinds of things they've allowed governments to do in secret -- and are worried about how the public would respond.

However, I'm hopeful that Vodafone's decision to just step up and admit the level of access that governments have had will lead other companies to "come clean" on the sins of their past, and how they've given governments way too much access. Rather than having it leaked by a whistleblower, having the companies step up and admit to exactly what's gone on, while at the same time calling for a change in laws and policies (as Vodafone did), might actually help to restore some confidence that these companies aren't just happily handing over access, but are willing to publicize what's happening and also fight back against the excesses as well.

In the US, for example, it was a remarkable struggle just to get the big telcos to finally agree to issue transparency reports -- and when those transparency reports were released, they were remarkably opaque, rather than transparent. Such a transparency report does little to build confidence in what's happening, and actually breeds greater distrust. Coming clean, saying what's really going on, and how the telcos plan to move forward, seems like the only real way to rebuild any semblance of trust.

Canary of some sort?

Shouldn't it, in theory, be possible for a company to issue a statement to the effect of "The following (insert agency/organization/governments) do NOT have direct access to X resources" similar to how a warrant canary works?

I know that there are a lot of ways that this could get very complex very quickly but surely there's a way to create the right group of inclusion/exclusion statements for nearly any situation...

Re: Canary of some sort?

That's sure not going to work for AT&T. Knowledge of their direct hook to the internet feeds is already public knowledge.

About the only way that US corporations will admit to this is if they see their profit line disappearing and that credited to the damage received from the NSA fallout. Even then it is more likely to go the way of Google, who is saying they are securing their datalines but are not saying whether the NSA has issued them NSLs. I doubt you will hear that one out in the open unless the NSLs are ruled illegal.

I found the part where Vodafone states if they have access to the decryption keys for a message, they must hand over those keys to law enforcement if requested. So much for server-side encrypted email. Or anything else where the client isn't in sole possession of the decryption keys.

I wouldn't even trust JavaScript crypto, because JavaScript is served up by the web server, to the client.

Re:

I wouldn't even trust JavaScript crypto, because JavaScript is served up by the web server, to the client.

You shouldn't trust anything sent by the server (this is how Hushmail compromises their users), but Javascript can reside entirely in the client, e.g., in a Firefox extension, and would then be reasonably secure.

Lawyers should be forum shopping in Europe now for civil cases. And most countries have private bills of indictment, where citizens can bypass prosecutors in criminal courts. And on top of it, executives at telcos and their handlers at spy agencies have no immunity of ANY kind. That includes both local and foreign such as Clapper and Alexander.